Possible routing issue

Not sure what is going on, have a dmvpn tunnel connecting but can ping anything past the tunnel endpoint

Here is the config from the remote router

Current configuration : 10553 bytes
!
! Last configuration change at 12:59:10 EST Mon Apr 20 2015 by routeradmin
version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname r1-location135
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging count
logging buffered 50000 informational
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone EST -5 0
clock summer-time EST recurring
!
crypto pki trustpoint TP-self-signed-3301874306
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3301874306
 revocation-check none
 rsakeypair TP-self-signed-3301874306
!
!

 
no ip source-route
!
!
!
!


!
ip vrf force-tunnel
 rd 64:1
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.20
ip dhcp excluded-address 192.168.2.240 192.168.2.254
ip dhcp excluded-address 192.168.3.1 192.168.3.24
ip dhcp excluded-address 192.168.3.36 192.168.3.254
ip dhcp excluded-address 172.25.135.1 172.25.135.24
ip dhcp excluded-address 172.25.135.36 172.25.135.254
!
ip dhcp pool guest
 import all
 network 192.168.2.0 255.255.255.0
 dns-server 4.2.2.2
 default-router 192.168.2.1
!
ip dhcp pool voip
 import all
 network 192.168.3.0 255.255.255.0
 dns-server 216.194.28.69 216.194.28.33
 default-router 192.168.3.1
!
ip dhcp pool location135
 import all
 network 172.25.135.0 255.255.255.0
 dns-server 10.10.1.10 192.168.145.119
 default-router 172.25.135.1
!
!
!
no ip bootp server
ip domain timeout 4
no ip domain lookup
ip domain name nw.local
ip name-server vrf force-tunnel 10.10.1.10
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
username localAdmin privilege 15 secret 5 xxxxxxxx
username tech privilege 5 secret 5 xxxxxxx
!
!
!
!
!
ip tcp synwait-time 10
ip tftp source-interface Vlan1
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key key1 address xxx.xxx.xxx.xxx
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
 mode transport
crypto ipsec df-bit clear
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
!
!
!
!
!
!
!
interface Loopback0
 description loop0-r1-location135
 ip vrf forwarding force-tunnel
 ip address 192.168.210.135 255.255.255.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
!
interface Tunnel0
 description tunnel vpn2-orl1.nw.local$FW_INSIDE$
 bandwidth 1000
 ip vrf forwarding force-tunnel
 ip address 192.168.217.135 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip mtu 1400
 ip flow ingress
 ip nhrp authentication DMVPN_NW
 ip nhrp map 192.168.217.1 xxx.xxx.xxx.xxx
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip nhrp nhs 192.168.217.1
 ip tcp adjust-mss 1360
 delay 1000
 tunnel source FastEthernet4
 tunnel destination xxx.xxx.xxx.xxx
 tunnel key 100000
 tunnel protection ipsec profile SDM_Profile1
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
 description Uplink-to-Switch or AP
 switchport mode trunk
 no ip address
!
interface FastEthernet1
 description Reg1-Primary-POS-mac=AAAA.BBBB.CCCC
 no ip address
!
interface FastEthernet2
 description Reg1-Secondary-POS-mac=AAAA.BBBB.CCCC
 no ip address
!
interface FastEthernet3
 description VOIP and MUSIC
 switchport access vlan 3
 no ip address
!
interface FastEthernet4
 description $ETH-WAN$
 ip address dhcp client-id FastEthernet4
 ip access-group 101 in
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Vlan1
 description StoreLocalNetwork$FW_INSIDE$
 ip vrf forwarding force-tunnel
 ip address 172.25.135.1 255.255.255.0
 ip access-group locationAllowedAccessTo in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip virtual-reassembly in
 no autostate
!
interface Vlan2
 description Guest-Wifi
 ip address 192.168.2.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 no autostate
!
interface Vlan3
 description VOIP
 ip address 192.168.3.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 no autostate
!
!
router eigrp 64
 !
 address-family ipv4 vrf force-tunnel
  network 10.0.0.0
  network 172.24.0.0
  network 172.25.0.0
  network 192.168.211.0
  network 192.168.217.0
  autonomous-system 64
  eigrp stub connected
 exit-address-family
 auto-summary
 passive-interface default
!
ip forward-protocol nd
no ip http server
ip http access-class 50
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip dns view vrf force-tunnel default
ip dns view default
 domain timeout 4
 no dns forwarding
ip nat inside source list 199 interface FastEthernet4 overload
ip route vrf force-tunnel 0.0.0.0 0.0.0.0 Tunnel0 name vpn2-location1
ip route 0.0.0.0 0.0.0.0 FastEthernet4 dhcp
!
ip access-list extended locationAllowedAccessTo
 permit ip any any
ip access-list extended vty-access
 permit ip host 10.10.2.17 any
 permit ip host 192.168.100.56 any
 permit ip 172.25.0.0 0.0.255.255 any
 permit ip 192.168.101.0 0.0.0.255 any
 permit ip 10.3.2.0 0.0.0.255 any
 permit ip host 192.168.214.1 any
 permit ip host 192.168.215.1 any
 permit ip host 192.168.217.1 any
 permit ip host 10.10.2.86 any
 permit ip host 10.10.1.36 any
 permit ip 10.10.1.0 0.0.0.255 any
 permit ip 10.10.2.0 0.0.0.255 any
 deny   ip any any log
!
logging trap debugging
dialer-list 1 protocol ip permit
!
access-list 1 remark -----SDM_ACL Category=2
access-list 1 permit 192.168.98.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 50 permit 10.10.2.17
access-list 50 permit 192.168.100.56
access-list 50 permit 192.168.100.73
access-list 50 permit 192.168.100.66
access-list 50 permit 192.168.100.83
access-list 50 permit 172.25.135.0 0.0.0.255
access-list 50 permit 10.10.1.0 0.0.0.255
access-list 50 permit 192.168.3.0 0.0.0.255
access-list 50 permit 192.168.101.0 0.0.0.255
access-list 50 deny   any log
access-list 101 remark -----ALLOW DHCP INTO F4
access-list 101 remark CCP_ACL Category=17
access-list 101 permit udp host xxx.xxx.xxx.xxx any eq non500-isakmp
access-list 101 permit udp host xxx.xxx.xxx.xxx any eq isakmp
access-list 101 permit esp host xxx.xxx.xxx.xxx any
access-list 101 permit ahp host xxx.xxx.xxx.xxx any
access-list 101 permit gre host xxx.xxx.xxx.xxx any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 remark -----ICMP
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 199 remark ------ DIRECT OUTSIDE CONNECTIONS
access-list 199 permit ip 192.168.3.0 0.0.0.255 any
access-list 199 permit ip 192.168.2.0 0.0.0.255 any
!
!
!
control-plane
!
!

^C
!
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 access-class vty-access in vrf-also
 privilege level 15
 transport input telnet ssh
!
scheduler interval 500
!
end

r1-location135#

trying to ping 10.10.1.10 and not getting any response. From the endpoint router (local) I can ping it

thoughts, if my info is needed please let me know
LVL 1
progjmAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Daniel SheppardSenior Network Analyst - Core & PerimeterCommented:
Since your are using VRF, are you pinging from an interface that is in the "force-tunnel" vrf?  (ping vrf force-tunnel 10.10.1.10)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
progjmAuthor Commented:
Figured it would be that easy, thank you!
0
Daniel SheppardSenior Network Analyst - Core & PerimeterCommented:
If you are working with VRF's many commands may need the vrf statement (telnet, ssh, etc) as well as any show commands.  Syntax is sometimes wonky ( "/vrf <VRF>" for telnet and "vrf <VRF>" for ping for example with the ping command requiring it at the start and the telnet command near the end)
0
progjmAuthor Commented:
Thank you, I appreciate it
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.